[jira] [Commented] (PARQUET-2338) CVE-2022-25168 in hadoop-common

jincongho (Jira) Thu, 24 Aug 2023 16:57:21 -0700


    [ 
https://issues.apache.org/jira/browse/PARQUET-2338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17758777#comment-17758777
 ]


jincongho commented on PARQUET-2338:
------------------------------------

[~ste...@apache.org] Yes, the commit is correct. It's just not been released 
yet, maybe a 1.13.2 soon?

> CVE-2022-25168 in hadoop-common
> -------------------------------
>
>                 Key: PARQUET-2338
>                 URL: https://issues.apache.org/jira/browse/PARQUET-2338
>             Project: Parquet
>          Issue Type: Bug
>          Components: parquet-hadoop
>    Affects Versions: 1.13.1
>            Reporter: jincongho
>            Priority: Major
>
> [CVE-2022-25168|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25168]
>  requires updating hadoop-common to 3.2.4 or 3.3.3.
> Although `FileUtils.untar` isnt used inparquet-hadoop, will appreciate if we 
> can release a new parquet-hadoop soon with these newer version. Otherwise 
> parquet-hadoop will be flagged as security concern too.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (PARQUET-2338) CVE-2022-25168 in hadoop-common

Reply via email to